Cisco Switch 3850 model : SSH Connection Refused, network error.

Tosin Ola
Level 1

Hi,

I have been troubleshooting this 3850 switch for about 3 days now but still no luck. The switch cannot be reached remotely through SSH.

I ran the sh ip ssh command:

RESULT
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes256-ctr
MAC Algorithms:hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

 

#sh ssh
%No SSHv2 server connections running.

 

LINE VTY CONFIG

 

line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 0239532B1E312145
authorization exec AAA
accounting commands 15 AAA
login authentication AAA
transport input ssh
transport output ssh
line vty 5 15
password 7 0239532B1E312145
authorization exec AAA
accounting commands 15 AAA
login authentication AAA
transport input ssh
transport output ssh

 

Please, what am I doing wrong? I really need this switch to work, as clients are putting more pressure on me.
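The `show ip ssh` output in the question already contains every fact needed to diagnose the refusal. As an added example (not part of the original thread and not a Cisco tool), the Python below parses that output and reports why the server is down and which negotiated algorithms are SHA-1 based. The function names `parse_show_ip_ssh` and `audit`, the `min_dh` threshold and the rule of flagging algorithm names containing `sha1` are assumptions of this example.

```python
import re

# `show ip ssh` output as posted in the question above.
SAMPLE = """\
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes256-ctr
MAC Algorithms:hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
"""

def parse_show_ip_ssh(text):
    """Parse `show ip ssh` output into server state, key presence and algorithm lists."""
    info = {"enabled": False, "version": None, "has_key": False, "dh_min": None, "algs": {}}
    for line in (l.strip() for l in text.splitlines()):
        state = re.match(r"SSH (Enabled|Disabled) - version (\S+)", line)
        algs = re.match(r"(.+) Algorithms\s*:\s*(\S+)$", line)
        dh = re.match(r"Minimum expected Diffie Hellman key size\s*:\s*(\d+)", line)
        if state:
            info["enabled"], info["version"] = state.group(1) == "Enabled", state.group(2)
        elif algs:
            info["algs"][algs.group(1)] = algs.group(2).split(",")
        elif dh:
            info["dh_min"] = int(dh.group(1))
        elif line.startswith("IOS Keys in SECSH format"):
            info["has_key"] = not line.endswith("NONE")
    return info

def audit(info, min_dh=2048):
    """Return findings; min_dh and the 'sha1' name match are this example's policy."""
    findings = []
    if not info["enabled"]:
        findings.append("SSH server disabled")
    if not info["has_key"]:
        findings.append("no RSA host key present")
    if info["dh_min"] is not None and info["dh_min"] < min_dh:
        findings.append(f"DH minimum {info['dh_min']} < {min_dh}")
    for name, algs in info["algs"].items():
        findings += [f"{name}: SHA-1 based {a}" for a in algs if "sha1" in a]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_show_ip_ssh(SAMPLE))))
```

Run against the posted output, the first two findings (server disabled, no host key) are the cause of the refused connection; the remaining ones are hardening items.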

 

1 Accepted Solution

Tosin Ola
Level 1

Below are the commands I used:

no ip ssh rsa keypair-name sshkey
ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256 hmac-sha1-96 hmac-sha1
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
crypto key generate rsa [Modulus 1024]
sh ip ssh [SSH Enabled v2.0]


Mark Malone
VIP Alumni

Hi

You have no key; create it, then check show ip ssh again.

%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

(config)#crypto key generate rsa

Hit return, type 2048, and hit return again,

then run show ip ssh again.

I have generated crypto keys using modulus 768 and 1024.

I will try to use 2048 bits and see how it goes.

If it doesn't work, post exactly what you see, in case something else is happening, but currently without a key you won't get SSH.

Jaderson Pessoa
VIP Alumni

Hello, do this:

sw(config)# username teste privilege 15 secret testin@123 (create a better one than this example)
sw(config)# crypto key generate rsa modulus 2048
sw(config)# ip ssh version 2
sw(config)# line vty 0 15
sw(config-line)# transport input ssh

Test your connection again.

Here you will find good documentation about this process: https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html
